Attacks on web applications open wide opportunities for intruders: this is the theft of critical information or sensitive information; Breaking business logic for financial gain; Also, a successful attack of a web application can be a harbinger of hacking the company’s corporate network. In this article, I’ll talk about the evolution of Web application attacks.
Fiddler is a free web debugging proxy which logs all HTTP(s) traffic between your computer and the Internet. Use it to debug traffic from virtually any application that supports a proxy like IE, Chrome, Safari, Firefox, Opera and more. Fiddler could be easily manipulate and edit web sessions. All you need to do is set
Android application components are essential building blocks of an Android App. Every app is built as a combination of some or all of those components, which can be invoked individually. There are four main components in Android; Activity, Service, Content Providers and Broadcast Receivers, which are explained below : Activity This android application components to
What is usbmuxd? usbmuxd stands for “USB multiplexing daemon”. This daemon is in charge of multiplexing connections over USB to an iOS device. To users, it means you can sync your music, contacts, photos, etc. over USB. To developers, it means you can connect to any listening localhost socket on the device. usbmuxd is not
Hi folks, Sometimes we want to run a command while inspecting the results. Here is the tips how to split linux terminal by using screen. First activate screen :
|
1 |
$ screen |
Split terminal horizontally :
|
1 |
Ctrl + A and then Shift + S |
Split terminal vertically :
|
1 |
Ctrl + A and then Ctrl + | (pipe sign) |
Activating window :
|
1 |
Ctrl + A and then press C |
Move between window :
|
1 |
Ctrl + A and then press Tab |
Thats how to split linux terminal.
Lets continue the last article since i was busy with my real life. From the last article i successfully get into the server from SSH service. Now lets enumerate the network inside the server based on this network diagram. First, lets check if Nmap already installed on the server:
|
1 2 3 4 5 6 7 |
e.lindsey@tl10-ssh:~$ nmap -version Nmap version 6.00 ( http://nmap.org ) Platform: x86_64-unknown-linux-gnu Compiled with: liblua-5.1.5 openssl-1.0.1e libpcre-8.30 libpcap-1.3.0 nmap-libdnet-1.12 ipv6 Compiled without: e.lindsey@tl10-ssh:~$ |
Great!! lets mapping the network.
Lets playing around with pentestit.ru testlab v.10. Target IP : 192.168.101.9 Nmap :
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 |
$ nmap 192.168.101.9 -A Starting Nmap 7.40 ( https://nmap.org ) at 2017-04-09 22:27 EDT Nmap scan report for gds.lab (192.168.101.9) Host is up (0.56s latency). Not shown: 995 filtered ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 6.0p1 Debian 4+deb7u6 (protocol 2.0) | ssh-hostkey: | 1024 bd:04:9b:d8:8d:0e:5b:e3:11:a7:57:18:c0:ce:9f:83 (DSA) | 2048 98:e6:d0:35:6d:11:c4:d1:fb:7c:0f:87:c6:b6:8e:da (RSA) |_ 256 2c:58:fd:06:ea:46:8e:f7:b5:28:58:58:06:fa:dc:38 (ECDSA) 25/tcp open smtp CommuniGate Pro mail server 6.0.9 |_smtp-commands: SMTP EHLO gds.lab: failed to receive data: connection timeout 80/tcp open http nginx 1.10.1 |_http-server-header: nginx/1.10.1 | http-title: 400 Bad Request |_Requested resource was http://store.gds.lab 443/tcp open http nginx 1.2.1 |_http-server-header: nginx/1.2.1 |_http-title: Security Blog by GlobalDataSecurity 8100/tcp open http CommuniGate Pro httpd 6.0.9 | http-methods: |_ Potentially risky methods: PUT DELETE LOCK UNLOCK MKCOL PROPFIND PROPPATCH MOVE COPY REPORT SEARCH ACL MKCALENDAR |_http-server-header: CommuniGatePro/6.0.9 |_http-svn-info: ERROR: Script execution failed (use -d to debug) |_http-title: CommuniGate Pro gds.lab Entrance | http-webdav-scan: | Server Type: CommuniGatePro/6.0.9 | Public Options: OPTIONS, GET, HEAD, POST, PUT, DELETE, LOCK, UNLOCK, MKCOL, PROPFIND, PROPPATCH, MOVE, COPY, REPORT, SEARCH, ACL, MKCALENDAR | Allowed Methods: OPTIONS, GET, HEAD, POST, PUT, DELETE, LOCK, UNLOCK, MKCOL, PROPFIND, PROPPATCH, MOVE, COPY, REPORT, SEARCH, ACL, MKCALENDAR | WebDAV type: Unkown | Server Date: Mon, 10 Apr 2017 02:28:28 GMT | Directory Listing: | / | /CalDAV/ | /CalDAV/INBOX/ | /CalDAV/Outbox/ | /WebDAV/private/caldav/ |_ /CalDAV/Notify/ Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 164.07 seconds |
Lets check HTTP header on port 80 :
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
$ curl -I http://192.168.101.9 HTTP/1.1 200 OK Server: nginx/1.10.1 Date: Mon, 10 Apr 2017 00:34:08 GMT Content-Type: text/html; charset=utf-8 Connection: keep-alive X-Powered-By: PHP/5.4.45-0+deb7u5 Set-Cookie: PHPSESSID=fcll0vv9bgfv5t8qf2nklig4p3; path=/; HttpOnly Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: default=963592ccd56622f61d552345b8; path=/; httponly Set-Cookie: language=en-gb; expires=Wed, 10-May-2017 00:34:08 GMT; path=/; domain=192.168.101.9 Set-Cookie: currency=USD; expires=Wed, 10-May-2017 00:34:08 GMT; path=/; domain=192.168.101.9 |
I tried to open the IP address through web browser but its like taking forever to load the page. 🙁 Ok, lets examine the source of the page:
|
1 2 3 4 5 6 7 8 9 10 |
<html dir="ltr" lang="en"> <!--<![endif]--> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <title>GDS WARE</title> <base href="http://store.gds.lab/" /> <meta name="description" content="GDS WARE" /> <meta name="keywords" content= "GDS WARE" /> |
I found store.gds.lab domain inside
Today, i wanna try to create a simple undetected (hopefully FUD) web shell backdoor. I am using VirusTotal (yes, i want them to check my file, lol..). So, what is FUD? Fully undetectable (usually shortened as “FUD”) can stand for data that had been encrypted, making it appear to be random noise. It can also stand
Hi there, Today i just want to share about buffer overflow and a fuzzing tool to check buffer overflow vulnerability. What is Buffer Overflow? A buffer overflow occurs when a program or process attempts to write more data to a fixed length block of memory, or buffer, than the buffer is allocated to hold. Since buffers are created